Nested Virtualization on VMware (Windows 11)

Fixing:

1. Disable Credential Guard with Registry settings

  • Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Key name: LsaCfgFlags
    Type: REG_DWORD
    Value: 0

  • Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
    Key name: LsaCfgFlags
    Type: REG_DWORD
    Value: 0

2. Disable Credential Guard with UEFI lock: run Windows Command Prompt as administrator and enter the following commands

mountvol X: /s
copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
mountvol X: /d

3. Disable VBS with Registry settings: delete the following registry keys

  • Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
    Key name: EnableVirtualizationBasedSecurity

  • Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
    Key name: RequirePlatformSecurityFeatures

4. Run Windows Command Prompt as administrator

5. Open the Group Policy Editor

Computer Configuration -> Administrative Templates -> System -> Device Guard -> select "Turn On Virtualization Based Security" and choose the "Disabled" option.

6. Turn off all options in Core isolation on Windows 11 24H2

Windows Start -> Core isolation -> turn off all options

7. Windows Start -> Windows Features

Uncheck: Hyper-V, Virtual Machine Platform, Windows Subsystem for Linux

8. Restart PC

Restart the device. Before the OS boots, a prompt appears notifying that UEFI was modified, and asking for confirmation. (Press F3 and press enter to continue).

Afterwards, you must set up a new PIN for the host machine.
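
To confirm after the restart that the changes took effect, the following check reads the registry values from steps 1 and 3 and the runtime VBS state. It is an added example, not part of the original procedure; it assumes an elevated PowerShell session on the host and uses the Win32_DeviceGuard CIM class, and the variable names are illustrative.

```powershell
# Added example: verify the outcome of steps 1, 3 and 8 after the reboot.
# Registry paths and value names are the ones listed on this page.
$checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'LsaCfgFlags'; Want = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'; Name = 'LsaCfgFlags'; Want = 0 },
    # Step 3 deletes these two, so the expected state is "absent" ($null).
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'; Name = 'EnableVirtualizationBasedSecurity'; Want = $null },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'; Name = 'RequirePlatformSecurityFeatures'; Want = $null }
)

$registry = foreach ($c in $checks) {
    # A missing key or value yields no object, which is treated as absent.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Value    = "$($c.Path)\$($c.Name)"
        Expected = if ($null -eq $c.Want) { '(absent)' } else { $c.Want }
        Actual   = if ($null -eq $actual) { '(absent)' } else { $actual }
        Ok       = ($actual -eq $c.Want)
    }
}

# Runtime state as reported by the hypervisor-backed security stack.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$vbsState = 'not enabled', 'enabled but not running', 'enabled and running'

# SecurityServicesRunning: 1 = Credential Guard, 2 = memory integrity (HVCI).
$running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } | ForEach-Object {
    switch ([int]$_) {
        1       { 'Credential Guard' }
        2       { 'Memory integrity (HVCI)' }
        default { "service id $_" }
    }
})

$registry | Format-Table -AutoSize | Out-Host
'VBS status: {0}' -f $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
'Security services running: {0}' -f $(if ($running) { $running -join ', ' } else { 'none' })

if (($registry.Ok -contains $false) -or ($dg.VirtualizationBasedSecurityStatus -ne 0)) {
    Write-Warning 'VBS or Credential Guard is still configured or running; recheck the steps above.'
}
```

The same script shows whether the protections are active again if the registry, policy and Core isolation settings are later restored.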
